Blog

NASA Suffers Data Breach With Device Connected To Network

Not even NASA is immune to hacking. Recently, the American space agency announced that they traced a breach back to April of 2018.

That was when a group described as an APT (Advanced, Persistent Threat) breached the Jet Propulsion Laboratory's network via a 'Raspberry-Pi' device that was improperly connected to the network.

The hackers made off with more than 500MB worth of data in 23 files. Two of the files contained sensitive information relating to international Traffic in Arms Regulations relating to the Mars Science Laboratory mission.

According to investigators, the reason the hackers were able to burrow so deeply into the agency's networks from a third-party device was that the agency did not have their network properly segmented. Once the hackers gained access, they could go pretty much anywhere they wanted.

"We also found that security problem log tickets, created in the TISB when a potential or actual IT system security vulnerability is identified, were not resolved for extended periods of time - sometimes longer than 18 days." The investigators from the OIG said.

Late last year, the US Department of Justice charged a pair of Chinese nationals for hacking cloud providers, the US Navy, and NASA. The DOJ's filings identified the pair as part of one of the Chinese government's elite hacking corps known as APT10.

Given that, it is entirely possible that APT10 was behind the Raspberry Pi incident. They certainly have the skills, means and motive. Especially given Chinese interest in US technology in general and their recent big push for space exploration.

Clearly, NASA has some work to do to shore up their security, and the hope is that now that these events have come to light, the agency will take decisive steps to do just that. Good luck, NASA.

No Catch. No Obligation.
Stay ahead of the hackers with tips for setting up safe Work From Home networks and gain an opportunity to receive a FREE Copy of the Business Guide to Setting Up Work from Home or Remote Network Access.

First Name *

Last Name *

Company *

Email *

Phone

“We have a sense of comfort that we have not experienced with other IT firms”

Since eTrepid has taken over management of Reilly Benefits IT, we have been very pleased with the performance, responsiveness and communication. We have a sense of comfort that we have not experienced with previous IT firms and are very happy with our decision to make the change.

Amy Felix

“The ability to adapt to growing business requirements”

eTrepid remains a strong Strategic Partner of NSI. Their customer service and ability to adapt to growing business requirements is far above anything we have experienced.